The Federal Information Security Management Act (FISMA) is a framework designed to protect the United States government against cybersecurity attacks and natural disasters that put sensitive data at risk.


U.S. federal agencies chose SailPoint to help protect their digital identities


increase in cyber incidents at federal agencies since 2016¹

Who must comply with FISMA?

  • All U.S. federal government agencies
  • State agencies administering federal programs such as unemployment insurance, student loans, Medicare and Medicaid
  • Any private sector company doing contracted work for the U.S. government

How can SailPoint help you comply with FISMA?

Our open cloud identity governance platform makes it easy for you to stay compliant by seeing and controlling access to all your apps and data for every user, including bots.


  1. United States Government Accountability Office, “Federal Information Security: Weaknesses Continue to Indicate Need for Effective Implementation of Policies and Practices,” September 2017.

What are the key FISMA areas identity governance addresses?

Access controls

Govern who has access to what, who should have access and how that access is used.

Audit and accountability

Produce audit trails and enable periodic reviews of access rights to enhance audit performance and adhere to regulatory mandates.

Identification and authentication

Integrate SailPoint’s identity governance with various single sign-on and multi-factor authentication solutions.

Risk assessment

Continually assess risk levels by classifying sensitive data stored in applications and files, automating access reviews to identify inappropriate access and using AI to monitor and identify unusual access.

What if your organization doesn’t comply?

There is a range of potential penalties including censure by Congress, reduction in federal funding and reputational damage.

Make sure you’re compliant with FISMA.

Learn how SailPoint can help.
